Government Gurus Warn of Stolen SSH Rootkit Attacks

by Justin Ryan
on August 27, 2008

The United States Computer Emergency Readiness Team is warning users running Linux systems and utilizing SSH for system access that a new round of rootkit attacks is underway. According to reports, the attacks focus on using stolen SSH keys to gain system access, after which the attackers use kernel exploits to gain root access and deploy the phalanx2 rootkit. Once installed, the rootkit steals SSH keys from the system which may then be used to further the attacks.

US-CERT has provided instructions for detecting and mitigating the attacks, as well as advice for those who determine their systems have been compromised.

Load Disqus comments

Firstwave Cloud

 

Recent Articles

Rebuilding and Modifying Debian Packages
Rebuilding and Modifying Debian Packages
George Whittaker
Understanding Backup and Disaster Planning Solutions for Linux
Understanding Backup and Disaster Planning Solutions for Linux
George Whittaker
How to Build Resilience with Linux High Availability Clustering
How to Build Resilience with Linux High Availability Clustering
George Whittaker
Harnessing the Power of Open Source for Private Clouds: Ubuntu Cloud Infrastructure with OpenStack
Harnessing the Power of Open Source for Private Clouds: Ubuntu Cloud Infrastructure with OpenStack
George Whittaker
Text Manipulation in Linux: Awk Vs. Sed
Text Manipulation in Linux: Awk Vs. Sed
George Whittaker
Best Practices and Strategic Insights to Dockerizing Your Linux Applications
Best Practices and Strategic Insights to Dockerizing Your Linux Applications
George Whittaker